CSRF in Tibco Rendezvous
CVE-2018-12414
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO R…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.007 (47.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Tibco Rendezvous
- Tibco Rendezvous_for_z\/linux
- Tibco Rendezvous_for_z\/os
- Tibco Rendezvous_network_server
- Tibco Substation_es
- Tibco Software Inc. Rendezvous — versions unspecified
- Tibco Software Inc. Rendezvous Developer Edition — versions unspecified
- Tibco Software Inc. Rendezvous For Z/linux — versions unspecified
- Tibco Software Inc. Rendezvous For Z/os — versions unspecified
- Tibco Software Inc. Rendezvous Network Server — versions unspecified
Weakness classification (CWE)
References
- security@tibco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- security@tibco.com (x_refsource_MISC, Vendor Advisory)
- security@tibco.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2018-12414?
- CVE-2018-12414 is a high-severity vulnerability in Tibco Rendezvous, classified under Cross-Site Request Forgery (CSRF). CVSS score: 7.5/10. Published 2018-11-06.
- How severe is CVE-2018-12414?
- High severity. CVSS v3 base score is 7.5 out of 10.